We have all heard of cyber security incidents lately. From ransomware victims to stolen identities, the threats are more ferocious and occurring with ever more frequency. So, you should be asking, "How can I keep myself, my family, and my company or organization secure in the future?" That is our goal at this conference: to answer that question.

Most other conferences want to teach you all the "techy" stuff and try to make you believe that hardware and technology will keep you safe. I can tell you that no technology will keep you 100% safe and secure. So, how do you learn to get secure and stay safe? We will teach you that at this 4-hour conference.

This Internet Security Conference is called InterSec Wisconsin 2016, and will be held May 3rd at Camp Douglas, Wisconsin. Here is our website to learn more and register: www.intersecwi.com.

It used to be that firewalls, anti-virus, and anti-malware may have been good enough to keep the "bad guys" out. However, the game has changed, and today it is very difficult for a firewall or any security solution to do everything needed to keep the bad guys out.

In particular, you are the weakest link; that is to say, THE HUMAN FACTOR. This conference is designed not for the technically inclined, but just the opposite: the decision makers, the leaders, the non-techies. I promise we will keep the "cookies on the bottom shelf."

If there is a conference that you need to attend this year, one that will speak to your "bottom line" or potentially impact you the most, both professionally and personally, this is it!

Listen to my radio broadcast this morning on WWIB in Eau Claire, WI. I talk about the current threats, the Human Factor, InterSec 2016, and Internet Security education.

Wednesday, October 21, 2015

Unfortunately, bad guys are business people too. Their time is money, and they follow market leaders. By now, Apple's market share of desktop computers is close to 17 percent. OS X, Apple's operating system, is popular with consumers and enterprises, making it a more interesting target for hackers since it has not been "mined" a lot, and Apple users are under the false impression that their platform is "safe and does not even need antivirus".

Well, a report that was released by security company Bit9 shows that more malware has been found this year for OS X than in the last five years combined. The company found 948 unique samples of malware this year compared to 180 between 2010 and last year. The malware is not yet super sophisticated, and is not hard to remove, but the increase is massive and much more than the increase in Windows malware.

Still, it's early days yet compared with the fire-hose of Windows-based malware, which is around 400,000 new strains per day at the moment. However, an interesting fact about OS X this year is that many more software vulnerabilities have been disclosed than in past years. A list shows 276 flaws have been found in the last 12 months, which is about four times higher than the average number found annually over the last 15 years.

It looks like more and more researchers are focused on how to bypass OS X security mechanisms or how to get code to execute remotely.

And looking at the mobile side of the house, according to Net Market Share's September figures, iOS claimed 38.6 percent of the global mobile OS market share. The number of iOS devices in the enterprise might actually be higher. According to Good Technology's Q2 Mobility Index Report, iOS had 64 percent of worldwide enterprise market share, although this had dropped from 70 percent the previous quarter.

From the perspective of security awareness training, Apple users need to be trained just as much as Windows users. More than half of the Apple malware found this year was aimed at forcing people to view ads, a malware class called adware. And infections mostly depended on social engineering of end users, such as getting them to download software that employees should "red flag" as dodgy.

It is loud and clear that effective security awareness training is a must for all employees, regardless of their computer, Windows or Apple OS X. Find out how affordable that is for your organization and be pleasantly surprised.

Roger A. Grimes is an InfoWorld contributing editor. Roger holds more than 40 computer certifications and has authored eight books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. A frequent industry speaker and educator, he currently works for Microsoft as a principal security architect.

Roger has another great column in InfoWorld about the biggest bang you can get for your Infosec budget. He started with: "Most organizations don’t do enough to educate users about computer security. The main purpose of user education programs is to decrease human-factor risk substantially. If they don’t accomplish that, the whole exercise is a waste of resources.

Such programs, if they exist at all, consist of a sort of security orientation program for new employees, with an annual update and refresher course lasting 15 minutes to an hour. Occasionally, you’ll see an in-house security newsletter and/or periodic Web posts that employees might read on a slow workday.

This lack of commitment is strange, considering the overall effectiveness of user education to stop employees from doing stupid stuff. In my opinion, doubling, tripling, or even quadrupling security education requirements and budgets should happen immediately in most organizations.

Why? Because the most prevalent, successful threats rely on social engineering, one way or another. That could be a phishing email, a rogue link, or an offer of a complimentary download that pops up on a trusted website. In rare instances, it’s a physical phone call asking for credentials to be reset or for the person to install “needed” diagnostics software to remove malware.

The fastest and cheapest bang for your buck is user education training to counteract those threats. Unfortunately, such programs tend to focus on scenarios users will never face -- or were prevalent 10 years ago. Certainly, most education programs fail to cover the malicious tactics an organization is fighting at a given time."

And in the rest of his column he gives some great suggestions on how to manage this problem.